Software licensing has been used for some time in the software industry as a means of controlling use of software, and more particularly, for the purpose of limiting or eliminating unauthorized use of software, known as software piracy.
The resulting economic dislocation that occurs due to software piracy is severe. As the cost of developing and supporting software programs increases, the need to reduce piracy grows. One of the key elements of reducing software piracy is through the use of an electronic software license, delivered to the authorized user to enable the software program to operate. The electronic license includes the required information in a form that is understood by the software program, and contains license terms.
License terms are the terms that apply to the use of the particular copy of the software program, and can include a start date, an end date, a number of program launches, fingerprint information to limit use on a specific local area network or on a specific machine, and other controlling information. For increased security, the electronic software license may be encrypted to hamper hacker efforts to bypass its function. This requires that the software program contain a decryption key to decrypt the license before extracting the information required.
Since the runtime environment for the software program and its authorizing code is typically unprotected, such as with Microsoft Corporation's Windows Operating System, and a large number of programmers have extensive knowledge of programming on such a system, it is difficult to effectively protect software running on such machines. All one can do is increase the difficulty of bypassing the electronic license functionality, but without significant inconvenience to the user or to the software developer, the reseller, or to technical support for the software program.
Previous efforts to authenticate a software license have used techniques such as “challenge/response” to deliver the required information to the electronic license on the user's machine. These often have been encoded in a series of alphanumeric characters to make it easy to deliver the challenge and receive the response, such as by phone, or by email, where direct web delivery is not practical. This method requires the user to copy and paste, type, or read the challenge, depending on the communication means used to delivery the challenge, and likewise to copy and paste (or type in) the response. For very small responses, this is not too difficult. However, as the required content of the response increases with increasing complexity, this becomes unwieldy and inconvenient for the user. One of the increases in complexity comes from the use of digital signatures, which are desired to improve security.
An important factor in delivery of a solution to these problems is a toolset that can be used by the software product developer/publisher to convert his software product into a “license-managed” product with minimum effort and complexity. The step of licensing the toolset to the developer represents a challenge to the security of the licensing system. Specifically, it is possible for the software hacker intent on breaking the licensing system to purchase a copy of the toolset for the purpose of reverse-engineering the toolset to help in the hacking process. Thus, what is needed is a method for insuring the identity of the toolset purchaser for the purpose of denying access to the toolset by known hackers or individuals with no known software products and suspicious intent.
This problem extends to the purchasers of the license-managed software products, as well. Specifically, a hacker can purchase a copy of the license-managed software for the purpose of reverse-engineering the licensing system. If a successful hack is created to bypass the license terms, such that copies of the software product can be freely (but illegally) distributed, there is often no way to determine the origin of the software hack, i.e., the identity of the person who purchased the software product.
Accordingly, what is needed is a toolset to enable software developers or published to easily convert their unprotected software products, such as programs or software resources, including clip art or fonts, to “license-managed” software products. This toolset should use a similar secure licensing system to the one it generates for the license-managed software product. In other words, the toolset ideally should use the same mechanisms to provide licenses for its own use as it provides for use with the developer/publisher product. This licensing system should establish a secure identity link from the end user all the way back to the toolset provider for the purpose of accurately identifying the individuals within the chain, such that the source of the hack can be traced back to either the software publisher or end user, to assist in the effort to stop the illegal activities. The present invention addresses all of these needs.